On Tue, 28 Mar 2006 23:22:26 -0500
Jim Laurino <nfcan.x.jimlaur@xxxxxxxx> wrote:

> I am not an expert on this,
> but for what it is worth:
>
> Perhaps the rules used to detect
> and limit brute force ssh attacks
> could be adapted to your need.

You are talking about the "recent" module... I don't know how I can use it in my situation....

> Does NetLook have a predictable pattern?

Forget about NetLook... My criteria for blocking is:
if rate of SYN packets from ONE source IP is greater than 3 packets/sec => then block this IP

And I can't add rule "-m limit" per all source IP in my net, because my net is big (~255^3)....

> You can find out about the ssh blocking rules
> if you search the archives for 'brute force'.
>
> Hope that helps.

--
Biomechanica Artificial Sabotage Humanoid
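
The blocking criterion stated in the message above (more than 3 SYN packets per second from one source IP), modelled as an added example that is not part of the original thread. It keeps state only for sources actually seen, so memory follows the number of active senders and not the size of the address space; the class and function names and the packet tuples are constructed for illustration.

```python
from collections import defaultdict, deque

RATE_LIMIT = 3   # SYNs tolerated per source inside one window (threshold from the message)
WINDOW = 1.0     # window length in seconds

# Constructed sample traffic: (timestamp_seconds, source_ip, tcp_flag)
SAMPLE_PACKETS = [
    (0.00, "10.1.2.3", "SYN"), (0.10, "10.9.9.9", "SYN"),
    (0.20, "10.1.2.3", "SYN"), (0.30, "10.1.2.3", "ACK"),
    (0.40, "10.1.2.3", "SYN"), (0.50, "10.9.9.9", "SYN"),
    (0.60, "10.1.2.3", "SYN"), (0.70, "10.1.2.3", "SYN"),
    (1.20, "10.9.9.9", "SYN"), (2.50, "10.9.9.9", "SYN"),
]

class SynRateBlocker:
    """Per-source sliding-window SYN counter with a block list."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)  # source IP -> recent SYN timestamps
        self.blocked = set()              # sources that exceeded the rate

    def handle(self, ts, src, flag):
        """Return the verdict ("ACCEPT" or "DROP") for one packet."""
        if src in self.blocked:
            return "DROP"
        if flag != "SYN":
            return "ACCEPT"
        stamps = self.recent[src]
        stamps.append(ts)
        # Forget SYNs that have aged out of the window.
        while ts - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) > self.limit:
            self.blocked.add(src)
            del self.recent[src]          # no counting needed once blocked
            return "DROP"
        return "ACCEPT"

    def expire_idle(self, now):
        """Drop counters of sources silent for a whole window (bounds memory)."""
        idle = [s for s, q in self.recent.items() if now - q[-1] >= self.window]
        for src in idle:
            del self.recent[src]

def run(packets):
    """Feed packets through a fresh blocker; return it and the verdict list."""
    blocker = SynRateBlocker()
    return blocker, [blocker.handle(*p) for p in packets]
```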